I wrote code using doing over 30 years ago to automatically change passwords. This was before the days of pass tickets and I needed one piece of software to sign on as an IMS user to IMS. It needed a password. So I coded an exit routine which would build a new password using some randomisation algorithm and then encrypt it using the call you mention. I then extracted the existing password in encrypted form and used a RACROUTE REQUEST=VERIFY with those old and new passwords and specifying ENCRYPT=NO.
This performed the logon and switched the password every time. No one ever saw the password. I had retry logic for siuations wher the new password was rejected for any reason. I think this method breaks under KDFAES passwords. Nowadays a pass ticket would be a preferable method. Restoring a DES encrypted password requires REQUEST=EXTRACT,TYPE=REPLACE I think, but I have never tried doing that. Lennie Dymoke-Bradshaw https://rsclweb.com 'Dance like no one is watching. Encrypt like everyone is.' -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Binyamin Dissen Sent: 13 December 2022 17:13 To: [email protected] Subject: RACROUTE REQUEST=EXTRACT,TYPE=ENCRYPT,ENCRYPT=(,DES) The doc indicates that this request will return data that can be used for authentication. Not clear to me how used (PASSWORD in REQUEST=VERIFY) . Also, do not understand how a DES encrypted password can be restored. Am I missing something obvious? I would think that TOKEN would be the way to go. -- Binyamin Dissen <[email protected]> http://www.dissensoftware.com Director, Dissen Software, Bar & Grill - Israel ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
